Lucene search

WordfenceCVELIST:CVE-2023-3636

HistoryAug 31, 2023 - 5:33 a.m.

CVE-2023-3636

2023-08-3105:33:09

Wordfence

www.cve.org

wordpress

plugin

privilege escalation

vulnerability

user role modification

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

51.7%

JSON

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the ‘save_users_map_name’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘usernames’ parameter.

CNA Affected

[
  {
    "vendor": "wedevs",
    "product": "WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.6.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/wedevs-project-manager/tags/2.6.3/src/User/Controllers/User_Controller.php#L158

plugins.trac.wordpress.org/changeset/2942291/wedevs-project-manager#file1792

www.wordfence.com/threat-intel/vulnerabilities/id/6a5e4708-db3e-483c-852f-1a487825cf92?source=cve

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

51.7%

JSON

Related for CVELIST:CVE-2023-3636